tyler.durden
/
lynis
mirror of https://github.com/CISOfy/lynis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' of https://github.com/CISOfy/lynis

This commit is contained in:
Michael Boelen 2020-03-20 14:01:14 +01:00
parent 1f3467f69a 8c0b42cdae
commit 352910e026
No known key found for this signature in database
GPG Key ID: 26141F77A09D7F04
2 changed files with 13 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
include/binaries
View File

@ -250,7 +250,8 @@
samhain) SAMHAINBINARY="${BINARY}"; LogText " Found known binary: samhain (integrity tool) - ${BINARY}" ;; samhain) SAMHAINBINARY="${BINARY}"; LogText " Found known binary: samhain (integrity tool) - ${BINARY}" ;;
service) SERVICEBINARY="${BINARY}"; LogText " Found known binary: service (system services) - ${BINARY}" ;; service) SERVICEBINARY="${BINARY}"; LogText " Found known binary: service (system services) - ${BINARY}" ;;
sed) SEDBINARY="${BINARY}"; LogText " Found known binary: sed (text stream editor) - ${BINARY}" ;; sed) SEDBINARY="${BINARY}"; LogText " Found known binary: sed (text stream editor) - ${BINARY}" ;;
sestatus) SESTATUSBINARY="${BINARY}"; LogText " Found known binary: sestatus (SELinux client) - ${BINARY}" ;; semanage) SEMANAGEBINARY="${BINARY}"; LogText " Found known binary: semanage (SELinux policy management tool) - ${BINARY}" ;;
sestatus) SESTATUSBINARY="${BINARY}"; LogText " Found known binary: sestatus (SELinux status tool) - ${BINARY}" ;;
slocate) LOCATEBINARY="${BINARY}"; LogText " Found known binary: slocate (file database) - ${BINARY}" ;; slocate) LOCATEBINARY="${BINARY}"; LogText " Found known binary: slocate (file database) - ${BINARY}" ;;
smbd) SMBDBINARY="${BINARY}"; if [ "${OS}" = "macOS" ]; then SMBDVERSION="unknown"; else SMBDVERSION=$(${BINARY} -V | grep "^Version" | awk '{ print $2 }'); fi; LogText "Found ${BINARY} (version ${SMBDVERSION})" ;; smbd) SMBDBINARY="${BINARY}"; if [ "${OS}" = "macOS" ]; then SMBDVERSION="unknown"; else SMBDVERSION=$(${BINARY} -V | grep "^Version" | awk '{ print $2 }'); fi; LogText "Found ${BINARY} (version ${SMBDVERSION})" ;;
smtpctl) SMTPCTLBINARY="${BINARY}"; LogText " Found known binary: smtpctl (OpenSMTPD client) - ${BINARY}" ;; smtpctl) SMTPCTLBINARY="${BINARY}"; LogText " Found known binary: smtpctl (OpenSMTPD client) - ${BINARY}" ;;

11
include/tests_mac_frameworks
View File

@ -152,6 +152,17 @@
Display --indent 6 --text "- Checking current mode and config file" --result "${STATUS_WARNING}" --color RED Display --indent 6 --text "- Checking current mode and config file" --result "${STATUS_WARNING}" --color RED
fi fi
Display --indent 8 --text "Current SELinux mode: ${FIND}" Display --indent 8 --text "Current SELinux mode: ${FIND}"
PERMISSIVE=$(${SEMANAGEBINARY} permissive --list --noheading | ${TRBINARY} '\n' ' ')
NPERMISSIVE=$(${SEMANAGEBINARY} permissive --list --noheading | ${WCBINARY} --lines)
Display --indent 8 --text "Found ${NPERMISSIVE} permissive SELinux object types"
LogText "Permissive SELinux object types: ${PERMISSIVE}"
UNCONFINED=$(${PSBINARY} -eo label,pid,command | ${GREPBINARY} '[u]nconfined_t' | ${TRBINARY} '\n' ' ')
INITRC=$(${PSBINARY} -eo label,pid,command | ${GREPBINARY} '[i]nitrc_t' | ${TRBINARY} '\n' ' ')
NUNCONFINED=$(${PSBINARY} -eo label | ${GREPBINARY} '[u]nconfined_t' | ${WCBINARY} --lines)
NINITRC=$(${PSBINARY} -eo label | ${GREPBINARY} '[i]nitrc_t' | ${WCBINARY} --lines)
Display --indent 8 --text "Found ${NUNCONFINED} unconfined and ${NINITRC} initrc_t processes"
LogText "Unconfined processes: ${UNCONFINED}"
LogText "Processes with initrc_t type: ${INITRC}"
else else
LogText "Result: SELinux framework is disabled" LogText "Result: SELinux framework is disabled"
Display --indent 4 --text "- Checking SELinux status" --result "${STATUS_DISABLED}" --color YELLOW Display --indent 4 --text "- Checking SELinux status" --result "${STATUS_DISABLED}" --color YELLOW